[cyphunk]

clearer, thanks.

> What kind of attacks is this practice vulnerable to?

So long as the trust only translates to the very limited use cases then there is no vulnerability. Those limits basically mean that no trust should be assumed by anyone that did not participate in the WoT in question. This particular style of WoT means anyone wanting to retain anonymity needs to skip it, or am i missing something?

Mainly I think all WoT models i've seen thus far are too susceptible to sybil attacks (impersonation) and as a result instill bad habits.

you only need to look at people use of pgp today to see how much WoT's would be a failure if used. pgp.mit.edu still aint got ssl. journalists are linking to nonssl links for their key via twitter t.to urls